Configure session behavior using custom policies in Azure Active Directory B2C

Single sign-on (SSO) session management in Azure Active Directory B2C (Azure AD B2C) enables an administrator to control interaction with a user after the user has already authenticated. For example, the administrator can control whether the selection of identity providers is displayed, or whether account details need to be entered again. This article describes how to configure the SSO settings for Azure AD B2C.

Session behavior properties

You can use the following properties to manage web application sessions:

  • Web app session lifetime (minutes) - The lifetime of Azure AD B2C's session cookie stored on the user's browser upon successful authentication.
    • Default = 86400 seconds (1440 minutes).
    • Minimum (inclusive) = 900 seconds (15 minutes).
    • Maximum (inclusive) = 86400 seconds (1440 minutes).
  • Web app session timeout - The session expiry type: Rolling or Absolute.
  • Single sign-on configuration - The session scope of the single sign-on (SSO) behavior across multiple apps and user flows in your Azure AD B2C tenant.

Configure the properties

To change your session behavior and SSO configurations, you add a UserJourneyBehaviors element inside the RelyingParty element. The UserJourneyBehaviors element must immediately follow the DefaultUserJourney element. Your UserJourneyBehaviors element should look like this example:

<UserJourneyBehaviors>
   <SingleSignOn Scope="Application" />
   <SessionExpiryType>Absolute</SessionExpiryType>
   <SessionExpiryInSeconds>86400</SessionExpiryInSeconds>
</UserJourneyBehaviors>
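
The following Python check is an added example, not part of the original article or of Azure AD B2C tooling. It lints a policy file for the placement rule and the value limits described above; the function names and both sample policies (including the journey id) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MIN_SECONDS, MAX_SECONDS = 900, 86400        # inclusive limits listed above
EXPIRY_TYPES = {"Rolling", "Absolute"}

def local(tag):
    """Drop any XML namespace prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def check_session_behavior(policy_xml):
    """Return a list of problems in the RelyingParty session settings."""
    root = ET.fromstring(policy_xml)
    rp = next((e for e in root.iter() if local(e.tag) == "RelyingParty"), None)
    if rp is None:
        return ["no RelyingParty element"]
    children = [local(c.tag) for c in rp]
    if "UserJourneyBehaviors" not in children:
        return ["no UserJourneyBehaviors element inside RelyingParty"]
    problems = []
    idx = children.index("UserJourneyBehaviors")
    if idx == 0 or children[idx - 1] != "DefaultUserJourney":
        problems.append("UserJourneyBehaviors does not immediately follow DefaultUserJourney")
    values = {local(c.tag): (c.text or "").strip() for c in rp[idx]}
    expiry = values.get("SessionExpiryType")
    if expiry is not None and expiry not in EXPIRY_TYPES:
        problems.append(f"SessionExpiryType {expiry!r} is not Rolling or Absolute")
    raw = values.get("SessionExpiryInSeconds")
    if raw is not None and not (raw.isdecimal() and MIN_SECONDS <= int(raw) <= MAX_SECONDS):
        problems.append(f"SessionExpiryInSeconds {raw!r} is outside {MIN_SECONDS}-{MAX_SECONDS}")
    return problems

# Constructed sample policies; the journey id is made up for this example.
GOOD_POLICY = """<TrustFrameworkPolicy><RelyingParty>
  <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
  <UserJourneyBehaviors>
    <SingleSignOn Scope="Application" />
    <SessionExpiryType>Absolute</SessionExpiryType>
    <SessionExpiryInSeconds>86400</SessionExpiryInSeconds>
  </UserJourneyBehaviors>
</RelyingParty></TrustFrameworkPolicy>"""
BAD_POLICY = GOOD_POLICY.replace(">86400<", ">600<").replace(
    "Absolute", "Sliding").replace('<DefaultUserJourney ReferenceId="SignUpOrSignIn" />', "")

if __name__ == "__main__":
    for name, doc in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, check_session_behavior(doc))
```

Running such a check before uploading a policy surfaces an out-of-range lifetime or a misplaced element during review.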

Next steps